Insecure hotel keycard locks to be replaced by manufacturer after hacking scandal

Onity logo 640

Following a string of hotel room burglaries preying on vulnerable locks made by Onity, the company has finally agreed to replace some of the systems at its own expense. According to Forbes, Onity is currently working with the Marriott, InterContinental Hotel Group, and the Hyatt to replace the insecure locks in their hotels, and will cover some, if not all, of the cost. A timeline for replacement is not clear, but an unnamed hotel industry source told Forbes that the company is trying to address "the security issues as quickly as they can."

Onity will cover some, but not all, of the cost

The vulnerability was first disclosed at the Black Hat conference in July by Mozilla developer Cody Brocious, and involves hooking into a data port on the underside of the lock and using a device to hack the firmware, thus opening the door. In August, Onity stated that it would not pay to replace the locks, and instead offered a free plug to block the port.

Petra Risk Solutions' director of risk management Todd Seiders told Forbes that certain language in the lock replacement contracts could free Onity of liability for future hacks, suggesting an "ulterior motive" for the fix. We'll have to wait and see, but hopefully Onity's new locks prove more secure.

The Verge
Log In Sign Up

Log In Sign Up

Forgot password?

We'll email you a reset link.

If you signed up using a 3rd party account like Facebook or Twitter, please login with it instead.

Forgot password?

Try another email?

Almost done,

By becoming a registered user, you are also agreeing to our Terms and confirming that you have read our Privacy Policy.



Choose an available username to complete sign up.

In order to provide our users with a better overall experience, we ask for more information from Facebook when using it to login so that we can learn more about our audience and provide you with the best possible experience. We do not store specific user data and the sharing of it is not required to login with Facebook.